class DocumentsController < ApplicationController
  before_filter :login_required, :authorization_required
  
  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
  verify :method => :put, :only => [ :update ], :redirect_to => { :action => :index }
  verify :method => :post, :only => [ :create ], :redirect_to => { :action => :index }
  verify :method => :delete, :only => [ :destroy ], :redirect_to => { :action => :index }
  
  def index
    @document_pages, @documents = paginate :documents, :per_page => 10
  end
  
  def show
    @document = Document.find(params[:id])
  end
  
  def new
    @document = Document.new
  end
  
  def create
    @document = Document.new(params[:document])
    if @document.save
      flash[:notice] = 'Document was successfully created.'
      redirect_to :action => 'list'
    else
      render :action => 'new'
    end
  end
  
  def edit
    @document = Document.find(params[:id])
  end
  
  def update
    @document = Document.find(params[:id])
    if @document.update_attributes(params[:document])
      flash[:notice] = 'Document was successfully updated.'
      redirect_to :action => 'show', :id => @document
    else
      render :action => 'edit'
    end
  end
  
  def destroy
    Document.find(params[:id]).destroy
    redirect_to :action => 'list'
  end
  
  def view
    document = Document.find(params[:id])
    send_file document.public_filename, :filename => document.filename, :type => document.content_type
  end
end
